Governance Risk Compliance Lead

Job Location

Palo Alto, CA - USA

Monthly Salary

Not Disclosed

Vacancy

1 Vacancy

Job Description

About the Role:

Guardant is seeking a Governance, Risk & Compliance (GRC) Lead with 5-10 years of experience to drive the evolution of our Information Security Governance, Risk and Compliance program. At Guardant we value innovation over rigid adherence to traditional compliance methods; our ideal candidate is a forward-thinking, non-dogmatic new leader who sees compliance as a business enabler rather than a bottleneck. After gaining experience supporting GRC programs designed or led by others, you are eager to build one that challenges the status quo. This role is designed for someone who is willing to leverage native workplace technology to eliminate manual, repetitive and performative tasks, allowing the organization to focus on our core mission.

The ideal candidate will have a mastery of compliance frameworks and a passion for streamlining governance processes through automation, modern risk management techniques and proactive controls. At Guardant we believe in staying Connected to the Work, meaning that even in leadership roles team members are expected to stay hands-on, contributing as engineers or analysts in their field. If you're looking to redefine GRC, drive efficiency and integrate security seamlessly into business operations, we'd love to hear from you.

Essential Duties and Responsibilities:

  • Develop, maintain and enhance the security governance, risk and compliance program, emphasizing automation, right-sized controls and proactive compliance monitoring, ensuring alignment with business objectives and regulatory requirements (e.g. HIPAA Security Rule, ISO 27001, GDPR, SOX 404).
  • Lead the organization's pursuit of ISO 27001 certification, ensuring compliance and continuous improvement of best practices.
  • Drive a culture of accountability through success metrics, goals and continuous monitoring.
  • Develop and maintain security policies, standards and procedures that align with business goals and regulatory requirements.
  • Identify and address governance gaps, ensuring timely implementation of recommendations across business units.
  • Implement automated compliance and security controls to continuously monitor security risks, exceptions, testing and overall compliance.
  • Conduct and oversee internal assessments and security control testing, ensuring compliance with regulations and protecting sensitive data.
  • Prepare and present risk assessments and remediation plans to leadership, tracking progress toward resolution.
  • Partner with Privacy, Compliance and Regulatory teams to ensure security operations meet regulatory and business needs.
  • Establish and maintain a Security Trust Program to support customer engagements, audits and assessments.
  • Act as a trusted advisor to both business and technical teams, ensuring GRC goals align with the overall security strategy.
  • Provide insights and recommendations to the CISO on regulatory changes and emerging risks.
  • Restructure and streamline the third-party risk management program, ensuring vendors meet security and compliance requirements.

Qualifications:

Essential Qualifications:

  • 5 years of experience in Governance, Risk and Compliance (GRC) or a related field, with at least 2 years in a leadership or program management role.
  • Experience in healthcare settings preferred but not required.
  • Experience with qualitative risk approaches, or the ambition to ramp up quickly on such approaches.
  • Strong knowledge of information security management, governance and compliance principles, including laws, regulations and industry standards.
  • Deep understanding of regulatory frameworks and industry standards, including:
    • Required: ISO 27001, HIPAA, GDPR, 21 CFR Part 11.
    • Preferred: NIST CSF, NIST SP 800-53 r5, NIST SP 800-30 r1, Secure Controls Framework (SCF).
  • Strong familiarity with cybersecurity and cloud security frameworks; experience with the Secure Controls Framework desired but not required.
  • Experience with risk management, compliance, resilience, security policy and standards, vendor risk management, security metrics and security training & awareness.
  • Proficiency with Atlassian tools (JIRA, Confluence) for designing projects, dashboards and dynamic documentation.
  • Conceptual understanding of security technologies across both on-premises and cloud infrastructures.
  • Certifications (Preferred but Not Required): CISSP, CISA, CRISC.
  • Exceptional ability to convey technical and security concepts to diverse stakeholders, including non-technical audiences.
  • Skilled in tackling compliance challenges and making informed, risk-based decisions.
  • Proven ability to establish credibility and build trust across the organization, particularly with engineers, researchers and G&A functions.
  • Sustained capability to stay updated with evolving regulations, industry best practices and emerging risks.


Additional Information:

Hybrid Work Model: At Guardant Health we have defined days for in-person/onsite collaboration and work-from-home days for individual-focused time. All U.S. employees who live within 50 miles of a Guardant facility will be required to be onsite on Mondays, Tuesdays and Thursdays. We have found that aligning our scheduled in-office days allows our teams to do their best work and creates the focused thinking time our innovative work requires. At Guardant our work model has created flexibility for better work-life balance while keeping teams connected to advance our science for our patients.

The US base salary range for this full-time position is $108,800 to $149,600. The range does not include benefits and, if applicable, bonus, commission or equity. The range displayed reflects the minimum and maximum target for new hire salaries across all US locations for the posted role, with the exception of any locations specifically referenced below.

For positions based in Palo Alto, CA, the base salary range for this full-time position is $128,000 to $176,000. The range does not include benefits and, if applicable, bonus, commission or equity.

Within the range, individual pay is determined by work location and additional factors, including but not limited to job-related skills, experience and relevant education or training. If you are selected to move forward, the recruiting team will provide details specific to the factors above.

Employee may be required to lift routine office supplies and use office equipment. The majority of the work is performed in a desk/office environment; however, there may be exposure to high noise levels, fumes and biohazard material in the laboratory environment. Ability to sit for extended periods of time.

Guardant Health is committed to providing reasonable accommodations in our hiring processes for candidates with disabilities, long-term conditions, mental health conditions or sincerely held religious beliefs. If you need support, please reach out to 

Guardant Health is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, national origin or protected veteran status, and will not be discriminated against on the basis of disability.

All your information will be kept confidential according to EEO guidelines.

To learn more about the information collected when you apply for a position at Guardant Health Inc. and how it is used please review our Privacy Notice for Job Applicants.

Please visit our career page at: 

Work :

Yes


Employment Type:

Full-time

Employment Type

Remote
